display attack-defense policy ipv6
Use display attack-defense policy ipv6 to display information about IPv6 addresses protected by flood attack detection and prevention.
Syntax
In standalone mode:
display attack-defense policy policy-name { ack-flood | dns-flood | fin-flood | flood | http-flood | icmpv6-flood | rst-flood | syn-ack-flood | syn-flood | udp-flood } ipv6 [ ipv6-address [ vpn vpn-instance-name ] ] [ slot slot-number ] ] [ count ]
In IRF mode:
display attack-defense policy policy-name { ack-flood | dns-flood | fin-flood | flood | http-flood | icmpv6-flood | rst-flood | syn-ack-flood | syn-flood | udp-flood } ipv6 [ ipv6-address [ vpn vpn-instance-name ] ] [ chassis chassis-number slot slot-number ] [ count ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
policy-name: Specifies an attack defense policy by its name. The policy name is a case-insensitive string of 1 to 31 characters. Valid characters include uppercase and lowercase letters, digits, underscores (_), and hyphens (-).
ack-flood: Specifies ACK flood attack.
dns-flood: Specifies DNS flood attack.
fin-flood: Specifies FIN flood attack.
flood: Specifies all IPv6 flood attacks.
http-flood: Specifies HTTP flood attack.
icmpv6-flood: Specifies ICMPv6 flood attack.
rst-flood: Specifies RST flood attack.
syn-ack-flood: Specifies SYN-ACK flood attack.
syn-flood: Specifies SYN flood attack.
udp-flood: Specifies UDP flood attack.
ipv6-address: Specifies a protected IPv6 address. If you do not specify an IPv6 address, this command displays information about all protected IPv6 addresses.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the IPv6 address belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. Do not specify this option if the IPv6 address is on the public network.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information about IPv6 addresses protected by flood attack detection and prevention for all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information about IPv6 addresses protected by flood attack detection and prevention for all cards. (In IRF mode.)
count: Displays the number of matching IPv6 addresses protected by flood attack detection and prevention.
Examples
# (In standalone mode.) Display information about all IPv6 addresses protected by flood attack detection and prevention in attack defense policy abc.
<Sysname> display attack-defense policy abc flood ipv6 Slot 1: IPv6 address VPN instance Type Rate threshold(PPS) Dropped 2013::127f -- SYN-ACK-FLOOD 100 4294967295 2::5 -- ACK-FLOOD 100 10 1::5 -- ACK-FLOOD 100 23 Slot 2: IPv6 address VPN instance Type Rate threshold(PPS) Dropped
# (In standalone mode.) Display the number of IPv6 addresses protected by flood attack detection and prevention in attack defense policy abc.
<Sysname> display attack-defense policy abc flood ipv6 count Slot 1: Totally 3 flood protected IP addresses. Slot 2: Totally 0 flood protected IP addresses.
Table 74: Command output
Field | Description |
---|---|
Totally 3 flood protected IP addresses | Total number of the IPv6 addresses protected by flood attack detection and prevention. |
IPv6 address | Protected IPv6 address. |
VPN instance | MPLS L3VPN instance to which the protected IPv6 address belongs. If the protected IPv6 address is on the public network, this field displays hyphens (--). |
Type | Type of the flood attack. |
Rate threshold(PPS) | Threshold for triggering the flood attack prevention, in units of packets sent to the IPv6 address per second. If no rate threshold is set, this field displays a hyphen (-). |
Dropped | Number of dropped attack packets. If the prevention action is logging, this field displays 0. |